
Planning and reconnaissance

In the planning and reconnaissance phase, we define the scope of the penetration test. This initial phase requires a lot of planning, and you need to answer questions such as:

  • What is the scope of the pentest?
  • What are the restricted URLs?
  • What are the various subdomains in scope?
  • Are there multiple applications hosted on the same domain in different folders?
  • Are there any other platforms where this application is hosted (for example, mobile applications, web applications, desktop applications, and so on)?

Once you have answered these questions, you will have some clarity on what is to be tested and what is not. Depending on whether it is a black box or a white box test, further enumeration takes place. In either case, we will have to discover all the files and folders of the application in scope and identify the endpoints. In the next chapter, we will see how to discover new files and folders using Burp.
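The answers to the scoping questions above can be recorded as data and checked before any request is sent. The following is an added example, not code from the book; the hosts, paths and helper names (`SCOPE`, `classify`) are hypothetical placeholders.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed scope sheet: hosts and paths are placeholders, not taken from the book.
SCOPE = {
    "hosts": ["app.example.test", "*.shop.example.test"],         # subdomains in scope
    "restricted": ["https://app.example.test/admin/billing"],     # URLs excluded from testing
    "apps": {"app.example.test": ["/portal", "/api", "/admin"]},  # folders hosting in-scope apps
}

def host_in_scope(host, patterns):
    for pattern in patterns:
        # "*.x" covers subdomains of x only; keeping the dot rejects "evilshop.example.test".
        if pattern.startswith("*.") and host.endswith(pattern[1:]):
            return True
        if host == pattern:
            return True
    return False

def path_under(path, prefix):
    # Compare whole path segments so "/api" does not also cover "/apiv2".
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")

def split_target(url):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Decode and normalise so "/portal/../admin" is judged as "/admin".
    path = posixpath.normpath(unquote(parts.path) or "/")
    return host, path

def classify(url, scope=SCOPE):
    host, path = split_target(url)
    for entry in scope["restricted"]:
        r_host, r_path = split_target(entry)
        if host == r_host and path_under(path, r_path):
            return "restricted"
    if not host_in_scope(host, scope["hosts"]):
        return "out-of-scope"
    folders = scope["apps"].get(host)
    if folders and not any(path_under(path, f) for f in folders):
        return "out-of-scope"
    return "in-scope"

if __name__ == "__main__":
    for target in ("https://app.example.test/portal/login",
                   "https://app.example.test/portal/../admin/billing/invoices",
                   "https://evilshop.example.test/"):
        print(f"{classify(target):13} {target}")
```

Running every discovered URL through a check like this before it is added to a target list keeps look-alike hosts, sibling folders and restricted paths out of the test.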
